I ran Combofix need help understanding the report, what next?


This topic is locked
83 replies to this topic

#1 witchswan (Members, 93 posts; Gender: Female; Location: Canada)

Posted 28 June 2013 - 06:22 PM

I wish I had seen the warning not to run Combofix before I ran it. Here is what happened. Ever since those 12 updates from Microsoft on June 12 my computer has been behaving strangely on and off. It started with Firefox reporting that the Google Earth plugin needed updating, but when I clicked the link to update, it just rerouted back to the update now link. Filed a request for help in Mozilla's help pages, noticed others were having the same problem, so didn't worry about it.
 
Next, Avast Free 8.0.1489 gave a red warning that it had saved my computer from crashing from an emailed link I had clicked. Tried to get more info but was not told what malware I had been saved from. Closed everything running and ran a full Avast scan, then full scans with Malwarebytes and the Sophos Virus Removal Tool. All came up clean. Thought I had dodged a bullet.

A few days ago, with 4 tabs open in Firefox, I clicked to open a new tab, and when I clicked the bookmark on the bookmark toolbar Firefox opened that site but closed the other 4 tabs. It has never done that before, or since. Later that day when typing a message I got the change user screen in Windows 7 and had to log in again with my password. No idea how that happened. Have not been able to recreate it with different key combos.

2 days ago when I turned on the computer the blue circle spun around for many minutes before telling me the password was incorrect; I had not yet had the opportunity to type my password. I clicked OK, typed the password, the blue circle spun for a few more minutes, then said the password was wrong; I tried again and it worked. There was a Skype update that had just been installed that morning and I wondered if this was the cause of the spinning blue circle and the logging-in problem. Later I was going through the Hotmail/Outlook.com mail and it just stopped working; I could not open any more mail. The Outlook error message said to see if Outlook.com was down by clicking a link; I did and got a message saying it was working, check my internet connection.

Tried going to other sites and could not, so tried those addresses at www.isup.me/ and was told some were offline, some working OK. Could get there, just not to other sites. Called my ISP to see if the DSL was problematic; they told me no, plus no IP address was showing for my computer. After informing them of the recent strange happenings it was suggested I run Combofix, so I restarted in safe mode with networking, downloaded Combofix and ran it. Was unable to stop 2 Avast filters running first though.
 
After running Combofix I had no problems for a whole day. Today I tried to use IE 10, but get nothing, a white screen; the About Internet Explorer link is greyed out. Uninstalled IE10 through Control Panel, then searched for updates; the update for IE9 worked. The one for IE10 failed; ran the Fix It and the troubleshooter. After rebooting I was able to install the IE 10 update, but same problem, white screen and unusable. Ran an Avast boot scan; it said the system is clean. Also ran the Microsoft Malware Removal Tool, which also said clean. Please help! I'm going to attempt to attach the Combofix report along with the Attach.txt.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 10.25.2
Run by Sue at 18:42:45 on 2013-06-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4000.2233 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.care2.com/c2c/pm/folder/inbox
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 69.41.192.2 69.41.199.30
TCP: Interfaces\{97BF528D-35E8-4725-AE58-1A089888EE00} : DHCPNameServer = 69.41.192.2 69.41.199.30
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.ctvnews.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-24 12:03; troubleshooter@mozilla.org; C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\extensions\troubleshooter@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-16 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-16 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-2 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-2 378944]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-7-20 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-7-20 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-7-20 62776]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-2 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-24 46808]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-2 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-20 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-2 2656280]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-6-30 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-6-30 77696]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-20 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-20 1014624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-2 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-23 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-06-28 12:06:00    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8CAAD95B-CC1D-4079-BBCF-D84AC4B22ED3}\mpengine.dll
2013-06-28 12:03:19    --------    d-----w-    C:\Users\Sue\AppData\Local\{1EE78D1B-7F45-4498-AFF2-891F5AD3F6BD}
2013-06-27 12:55:12    --------    d-----w-    C:\Users\Sue\AppData\Local\{B56B522F-5665-44BE-9462-58ECBACDE3F6}
2013-06-26 13:28:09    --------    d-----w-    C:\Users\Sue\AppData\Local\{CE167CCB-CF68-4D8C-8A97-BC062B7A4864}
2013-06-25 18:01:51    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-25 17:24:28    98816    ----a-w-    C:\Windows\sed.exe
2013-06-25 17:24:28    256000    ----a-w-    C:\Windows\PEV.exe
2013-06-25 17:24:28    208896    ----a-w-    C:\Windows\MBR.exe
2013-06-25 13:05:29    --------    d-----w-    C:\Users\Sue\AppData\Local\{966B0B6F-CD0C-48C1-8CA8-C62A32C06C3F}
2013-06-24 12:57:46    --------    d-----w-    C:\Users\Sue\AppData\Local\{9E9597DA-E050-433E-9C08-3BFC60154981}
2013-06-23 12:21:47    --------    d-----w-    C:\Users\Sue\AppData\Local\{13F6455A-4C22-4DB1-AD07-3D1643498543}
2013-06-22 12:05:47    --------    d-----w-    C:\Users\Sue\AppData\Local\{84330D2B-6FDA-4F33-A305-BD8305C3CF3C}
2013-06-21 11:55:58    --------    d-----w-    C:\Users\Sue\AppData\Local\{3A5D6159-0DE1-402D-AF7E-5B6B17D96F3C}
2013-06-20 11:39:25    --------    d-----w-    C:\Users\Sue\AppData\Local\{014A4466-933D-48EF-B15C-62F18F446807}
2013-06-18 21:07:51    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 12:50:50    --------    d-----w-    C:\Users\Sue\AppData\Local\{A6D1B691-91B8-4AF3-9505-FD0C3C006F46}
2013-06-17 12:21:58    --------    d-----w-    C:\Users\Sue\AppData\Local\{0C05BCE5-7B5D-4DFE-9ACB-2CFACE83593E}
2013-06-16 12:18:38    --------    d-----w-    C:\Users\Sue\AppData\Local\{EFD3716E-BD58-4484-A95C-0A004F53F5D4}
2013-06-15 18:08:30    --------    d-----w-    C:\Users\Sue\AppData\Local\{F2A4AE35-2D66-4733-B7DE-3B310CB444FD}
2013-06-15 00:48:58    --------    d-----w-    C:\Users\Sue\AppData\Local\{486CEA8E-F683-4AF5-8C55-F94691DBCA71}
2013-06-14 12:48:46    --------    d-----w-    C:\Users\Sue\AppData\Local\{7FEAC19E-6480-442C-9769-AE0605A42DB4}
2013-06-13 13:09:05    --------    d-----w-    C:\Users\Sue\AppData\Local\{47BC56DB-1DA7-4166-9978-C24D8A48A17D}
2013-06-12 14:31:50    --------    d-----w-    C:\Users\Sue\AppData\Local\{2342EF51-EDED-4FAF-8743-E32ABD0B612A}
2013-06-11 18:30:16    9089416    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 13:59:41    --------    d-----w-    C:\Users\Sue\AppData\Local\{CDC49E2F-CF9D-49D9-9098-55DEBA9509F0}
2013-06-10 13:16:22    --------    d-----w-    C:\Users\Sue\AppData\Local\{D276DD93-3DD1-4C72-B431-824FB0DF85FC}
2013-06-08 11:29:17    --------    d-----w-    C:\Users\Sue\AppData\Local\{BBF61CA6-CA4F-4FE7-B421-05A1BF97FF16}
2013-06-07 13:17:19    --------    d-----w-    C:\Users\Sue\AppData\Local\{B7B128B3-7796-49BA-8764-CC017FF9742E}
2013-06-06 13:27:55    --------    d-----w-    C:\Users\Sue\AppData\Local\{2291C16E-0DC8-41E1-902B-8D2B89F1731E}
2013-06-05 14:53:37    --------    d-----w-    C:\Users\Sue\AppData\Local\{299C0DDA-9C4C-48D5-B114-DBCA43111D42}
2013-06-04 23:43:16    --------    d-----w-    C:\Users\Sue\AppData\Local\{92F4FBCD-77B0-4E53-BA33-CEFB3F53D26F}
2013-06-04 11:43:04    --------    d-----w-    C:\Users\Sue\AppData\Local\{80A092ED-032A-413C-8B64-AFB8B0CDC657}
2013-06-03 11:53:52    --------    d-----w-    C:\Users\Sue\AppData\Local\{818A359C-9755-4C91-8703-1DFC44ECD73B}
2013-06-02 14:11:45    --------    d-----w-    C:\Users\Sue\AppData\Local\{7973F1EC-4DBC-456E-9DC1-FBF43ED4317F}
2013-06-01 13:31:27    --------    d-----w-    C:\Users\Sue\AppData\Local\{6A201CB0-3F23-47C8-821A-769115A915D8}
2013-05-31 13:13:57    --------    d-----w-    C:\Users\Sue\AppData\Local\{F61CBC3B-AAFA-48B1-8E6D-8BA4608543A9}
2013-05-30 15:23:21    --------    d-----w-    C:\Users\Sue\AppData\Local\{EF1E8B60-0B8B-4F24-A14A-D6404EB6BB1E}
.
==================== Find3M  ====================
.
2013-06-28 21:12:46    4704    --sha-w-    C:\ProgramData\KGyGaAvL.sys
2013-06-27 20:55:48    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 20:55:48    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-13 01:48:23    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-13 01:48:17    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-11 18:30:38    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:30:38    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-09 08:59:07    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\Windows\avastSS.scr
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-02 06:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-04 18:50:32    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
.
============= FINISH: 18:43:01.38 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 02/06/2012 4:03:28 PM
System Uptime: 28/06/2013 5:05:27 PM (1 hours ago)
.
Motherboard: Acer | | Aspire M3970
Processor: Intel® Core™ i3-2120 CPU @ 3.30GHz | CPU 1 | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 916 GiB total, 872.235 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP560: 21/06/2013 10:00:08 AM - Windows Backup
RP561: 22/06/2013 10:00:07 AM - Windows Backup
RP562: 23/06/2013 10:00:07 AM - Windows Backup
RP563: 24/06/2013 10:00:09 AM - Windows Backup
RP564: 24/06/2013 10:12:52 AM - Removed Google Earth.
RP565: 25/06/2013 8:48:11 AM - Windows Update
RP566: 25/06/2013 10:00:07 AM - Windows Backup
RP567: 26/06/2013 10:00:06 AM - Windows Backup
RP568: 27/06/2013 10:00:08 AM - Windows Backup
RP569: 27/06/2013 10:04:36 AM - Windows Backup
RP570: 28/06/2013 10:00:08 AM - Windows Backup
RP571: 28/06/2013 1:40:54 PM - Windows Modules Installer
RP572: 28/06/2013 1:51:59 PM - Windows Update
RP573: 28/06/2013 1:58:28 PM - Windows Update
RP574: 28/06/2013 2:02:13 PM - Windows Update
RP575: 28/06/2013 2:06:39 PM - Windows Update
RP576: 28/06/2013 2:09:38 PM - Windows Update
RP577: 28/06/2013 4:59:59 PM - Windows Update
.
==== Installed Programs ======================
.
Acer eRecovery Management
Acer Games
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Agatha Christie - Death on the Nile
Apple Application Support
Apple Software Update
avast! Free Antivirus
Bejeweled 2 Deluxe
Belarc Advisor 8.2
BookScan&Whiteboard Suite
Brother MFL-Pro Suite MFC-290C
Build-a-lot 4 - Power Source
Chronicles of Albian
clear.fi
clear.fi Client
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Cradle of Rome 2
D3DX10
Dora's World Adventure
Etron USB3.0 Host Controller
FaceFilter Studio Brother Edition
Final Drive: Nitro
Galerie de photos Windows Live
Google Earth
Google Earth Plug-in
Google Update Helper
Governor of Poker 2 Premium Edition
Hotkey Utility
Icy Tower v1.5
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Java 7 Update 25
Java Auto Updater
Jewel Match 3
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
MyWinLocker
MyWinLocker 4
MyWinLocker Suite
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Norton Online Backup
Penguins!
Plants vs. Zombies - Game of the Year
Polar Bowler
Polar Golfer
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Shredder
Skype™ 6.5
Sophos Virus Removal Tool
StudioTax 2011
StudioTax 2012
swMSM
Torchlight
update
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update Installer for WildTangent Games App
Virtual Villagers 5 - New Believers
Welcome Center
WildTangent Games App (Acer Games)
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WordPerfect IFilter 64 bit
WordPerfect Lightning
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X5
WordPerfect Office X5 - Common
Wordperfect Office X5 - EN
WordPerfect Office X5 - Filters
WordPerfect Office X5 - Graphics
WordPerfect Office X5 - IPM
WordPerfect Office X5 - LegalTools
WordPerfect Office X5 - Migration Manager
WordPerfect Office X5 - Oxford
WordPerfect Office X5 - PerfectExperts EN
WordPerfect Office X5 - PR
WordPerfect Office X5 - QP
WordPerfect Office X5 - Setup Files
WordPerfect Office X5 - Skins
WordPerfect Office X5 - System EN
WordPerfect Office X5 - Templates
WordPerfect Office X5 - WP
WordPerfect Office X5 - WT
WordPerfect OfficeReady
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
28/06/2013 2:11:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.
25/06/2013 1:31:07 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
25/06/2013 1:29:19 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
25/06/2013 1:24:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
25/06/2013 1:09:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
25/06/2013 1:09:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
25/06/2013 1:09:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
25/06/2013 1:09:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
25/06/2013 1:09:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6
.
==== End Of File ===========================


ComboFix 13-06-24.01 - Sue 25/06/2013 13:25:46.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4000.2960 [GMT -4:00]
Running from: c:\users\Sue\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\334AB16BD8.sys
c:\users\Sue\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
c:\windows\SysWow64\regobj.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-05-25 to 2013-06-25 )))))))))))))))))))))))))))))))
.
.
2013-06-25 17:29 . 2013-06-25 17:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-25 17:21 . 2013-06-25 17:21 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C71C497-6418-44AC-8532-B7B99766E238}\offreg.dll
2013-06-25 12:48 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6C71C497-6418-44AC-8532-B7B99766E238}\mpengine.dll
2013-06-18 21:07 . 2013-06-13 01:47 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 21:05 . 2013-06-18 21:05 -------- d-----w- c:\programdata\McAfee
2013-06-12 14:53 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-12 14:36 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-11 18:30 . 2013-06-11 18:30 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 16:46 . 2012-06-08 18:58 4704 --sha-w- c:\programdata\KGyGaAvL.sys
2013-06-13 01:48 . 2012-06-03 21:07 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-13 01:48 . 2012-06-03 21:07 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-12 14:54 . 2012-06-02 21:09 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-11 18:30 . 2012-06-04 12:31 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-11 18:30 . 2011-07-20 12:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 12:41 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-09 08:59 . 2013-03-16 16:14 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-03-16 16:14 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-05-09 08:59 . 2012-06-02 20:25 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2012-06-02 20:25 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2012-06-02 20:25 378432 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-05-09 08:59 . 2012-06-02 20:25 1025808 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-09 08:59 . 2012-06-02 20:25 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2012-06-02 20:25 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2012-06-02 20:25 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2012-06-02 20:25 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-02 06:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 07:59 . 2013-05-01 07:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59 . 2013-05-01 07:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-15 12:48 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 12:48 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 12:48 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 12:48 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 12:48 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 12:48 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 12:21 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 06:01 . 2013-05-15 12:48 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01 . 2013-05-15 12:48 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30 . 2013-05-15 12:47 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 18:50 . 2012-06-03 19:21 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-04-02 340848]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2011-03-29 408432]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2011-03-29 202608]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-13 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2011-08-11 627304]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"QuickFinder Scheduler"="c:\program files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [2012-09-21 128440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 aswRvrt;aswRvrt; [x]
R0 aswVmm;aswVmm; [x]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 18:30]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-09 16:30]
.
2013-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-09 16:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-30 11660904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.care2.com/c2c/pm/folder/inbox
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Copy to &Lightning Note - c:\program files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Open with WordPerfect - c:\program files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
TCP: DhcpNameServer = 69.41.192.2 69.41.199.30
FF - ProfilePath - c:\users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.ctvnews.ca/
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-24 12:03; troubleshooter@mozilla.org; c:\users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\extensions\troubleshooter@mozilla.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-WeatherEye - c:\users\Sue\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-The Weather Network - c:\users\Sue\AppData\Local\TheWeatherNetwork\WeatherEye\WeatherEye.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-25 13:32:11
ComboFix-quarantined-files.txt 2013-06-25 17:32
.
Pre-Run: 935,331,037,184 bytes free
Post-Run: 935,881,838,592 bytes free
.
- - End Of File - - CE831C7AE105BBD823D45E3DEF663DC3
D41D8CD98F00B204E9800998ECF8427E

Edited by Oh My, 05 July 2013 - 09:01 AM.
Posted logs
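A way to read the log above mechanically, before the replies. This is an added example written for this thread, not code from ComboFix, DDS or BleepingComputer. It parses two of the sections posted above (the "Event Viewer Messages" lines and the Run entries under "Reg Loading Points"), uses the run window taken from the log's own header and footer (13:25:46 to 13:32:11 on 25/06/2013) to separate errors that ComboFix itself provoked from everything else, and treats DCOM error 1084 (ERROR_NOT_SAFEBOOT_SERVICE, "this service cannot be started in Safe Mode") as the fingerprint of a Safe Mode boot. The trusted-path list, the category names and the sample WeatherEye Run line (built from the orphan entry ComboFix removed; its date and size are made up) are assumptions of the example, not facts from the log.

```python
"""Triage helpers for a ComboFix log excerpt (added example, not ComboFix's own code)."""
import re
from datetime import datetime

# Event Viewer line as ComboFix prints it: "dd/mm/yyyy h:mm:ss AM, Level: Source [id] - message"
EVENT_RE = re.compile(
    r'^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), '
    r'(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$'
)
# Run-key entry as ComboFix prints it: "Name"="c:\path\file.exe" [yyyy-mm-dd size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# Assumption: autostarts from these roots are normal on a stock Windows 7 x64 box;
# anything else (AppData, ProgramData, Temp, user profile) deserves a look.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\",
                    "c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Start and completion times copied from the log's header and footer lines.
COMBOFIX_RUN = (datetime(2013, 6, 25, 13, 25, 46), datetime(2013, 6, 25, 13, 32, 11))

# Constructed sample: the five Event Viewer lines from the log, verbatim.
SAMPLE_EVENTS = [
    r'28/06/2013 2:11:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.',
    r'25/06/2013 1:31:07 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.',
    r'25/06/2013 1:29:19 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.',
    r'25/06/2013 1:24:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}',
    r'25/06/2013 1:09:11 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk spldr Wanarpv6',
]
# Constructed sample: two Run entries from the log plus one made-up entry for the
# WeatherEye autostart ComboFix removed (path from the orphan line; date/size invented).
SAMPLE_RUN = [
    r'"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19603048]',
    r'"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]',
    r'"WeatherEye"="c:\users\Sue\AppData\Local\TheWeatherNetwork\WeatherEye\weathereye.exe" [2013-06-01 0]',
]


def parse_event(line):
    """Return a dict for one Event Viewer line, or None if the line is not one."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {"time": datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p"),
            "level": m["level"], "source": m["source"],
            "id": int(m["id"]), "message": m["msg"]}


def classify_event(ev, run_window=COMBOFIX_RUN):
    """Bucket an event so tool noise is not mistaken for infection evidence."""
    start, end = run_window
    if start <= ev["time"] <= end:
        # Raised while ComboFix was executing: its own driver refused by the OS,
        # its own service flagged as interactive. Side effects of the tool.
        return "during_combofix_run"
    if ev["id"] == 10005 and 'error "1084"' in ev["message"]:
        # Win32 error 1084 = ERROR_NOT_SAFEBOOT_SERVICE: DCOM asked for a service
        # that is not permitted in Safe Mode, so this boot was a Safe Mode boot.
        return "safe_mode_boot"
    if ev["id"] == 7026 and ev["source"] == "Service Control Manager":
        # Third-party boot drivers (avast! asw*, EgisTec mwlPSD*) do not load in
        # Safe Mode; expected on the same boot that produced the 1084 errors.
        return "boot_driver_failure"
    if ev["source"].endswith("WindowsUpdateClient"):
        return "update_failure"
    return "other"


def classify_run_entry(line):
    """Return a dict for one Run entry, flagging autostarts from untrusted roots."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    trusted = m["path"].lower().startswith(TRUSTED_PREFIXES)
    return {"name": m["name"], "path": m["path"], "size": int(m["size"]),
            "suspicious": not trusted,
            "reason": None if trusted else "autostart outside Program Files / Windows"}


def triage(lines):
    """Walk a list of log lines and return events by bucket plus flagged autostarts."""
    events, autostarts = {}, []
    for line in lines:
        ev = parse_event(line)
        if ev:
            events.setdefault(classify_event(ev), []).append((ev["source"], ev["id"]))
            continue
        run = classify_run_entry(line)
        if run and run["suspicious"]:
            autostarts.append(run)
    return {"events": events, "suspicious_autostarts": autostarts}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_EVENTS + SAMPLE_RUN)["events"].items():
        print(bucket, items)
    for entry in triage(SAMPLE_RUN)["suspicious_autostarts"]:
        print("LOOK AT:", entry["name"], entry["path"], entry["reason"])
```

Run against the lines above, the three "scary" Event Viewer errors from 25/06 all fall into the tool's own run window or the Safe Mode bucket, leaving the IE10 install failure as the only event that is about the machine itself. The one Run entry flagged is the WeatherEye autostart under AppData\Local, which is exactly the entry ComboFix deleted; the Skype and avast! entries under Program Files pass.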

#2 HelpBot
Posted 03 July 2013 - 06:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/499546 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 witchswan (Topic Starter)

Posted 04 July 2013 - 02:41 PM

Since my first post I have not noticed anything else unusual happening. My Brother printer software is now reporting my printer is offline, even though it works just fine with WordPerfect. I imagine Combofix deleted some files from that folder as I am also told there is no ink in the printer, not true. Other malware scans also did not like the Brother files, but I was given the option of deleting them and declined. Avast runs some in the sandbox. The files were installed from the Brother CD that came with the printer.

With the new HD display in Firefox 22.0 I have had some troubles, but think it is with Firefox as opposed to my system. There is a supposed fix, but as requested I have not tried any further fixes myself. I am itching to repair Windows, as being able to use IE 10 would be a boon as Firefox is not accepted on some sites I frequent.

There were no original CD/DVDs that came with this system. Did make the recovery disks, and had to restore to factory settings May 2012 because I got a rootkit infection and Avast recommended deleting the infected files. The system became unusable after, hence the restore.

The only other problem right now is my inability to update Java. Avast reports an update available but the Java site says I am fully updated, as does Firefox. My Java is 10.25.2.16 June12-13, Avast says 7.0.250.17 is available. Java used to send me a link to click to update, but even after enabling that option again the link is not sent. I have left it disabled for many months because of all the security problems it has and have never been told I need it when visiting sites online.

I've refrained from sending emails as I am not sure if my system is still infected, or clean. Would hate to be responsible for spreading something malicious. As requested by the HelpBot I ran the DDS again today, disconnected from the internet and shut off the Avast shields first this time. Maybe it is time for a better firewall and AV software? Please shine some light on my dilemma. Thanks a million.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16618  BrowserJavaVersion: 10.25.2
Run by Sue at 14:51:03 on 2013-07-04
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.4000.2391 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.care2.com/c2c/pm/folder/inbox
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
dRunOnce: [IsMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Copy to &Lightning Note - C:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\WPLightningCopyToNote.hta
IE: Open with WordPerfect - c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\WPLauncher.hta
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 69.41.192.2 69.41.199.30
TCP: Interfaces\{97BF528D-35E8-4725-AE58-1A089888EE00} : DHCPNameServer = 69.41.192.2 69.41.199.30
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.ctvnews.ca/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-24 12:03; troubleshooter@mozilla.org; C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\extensions\troubleshooter@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-16 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-16 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-6-2 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-6-2 378944]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-7-20 22648]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-7-20 20520]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-7-20 62776]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-6-2 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-6-2 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-24 46808]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-2 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-7-20 244624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-2 2656280]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-6-30 54784]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-6-30 77696]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-20 317440]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-7-20 1014624]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-6-2 533096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-4-2 173424]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-23 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-10-23 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-2 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: LightningViewer.exe: View="c:\Program Files (x86)\Corel\WordPerfect Lightning\Programs\LightningNavigator.exe" "-ViewDocument" "%1"
.
=============== Created Last 30 ================
.
2013-07-04 14:05:28    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5ADFDFE7-BCD7-43E0-AAE9-E7E012C44BF7}\offreg.dll
2013-07-04 12:27:04    --------    d-----w-    C:\Users\Sue\AppData\Local\{070BADB1-CDD8-4E7F-B803-0ECFFF381003}
2013-07-03 12:36:52    --------    d-----w-    C:\Users\Sue\AppData\Local\{D55FA113-8C03-40A3-BA6B-F00035EC1949}
2013-07-02 12:50:25    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5ADFDFE7-BCD7-43E0-AAE9-E7E012C44BF7}\mpengine.dll
2013-07-02 12:47:39    --------    d-----w-    C:\Users\Sue\AppData\Local\{62E70774-7FF5-4E5A-8BB2-75081712E501}
2013-07-01 12:33:53    --------    d-----w-    C:\Users\Sue\AppData\Local\{1802B6D1-29DE-4433-BF3B-17263700B077}
2013-06-30 14:12:33    --------    d-----w-    C:\Users\Sue\AppData\Local\{C5C510A6-AEEF-40F3-94F5-EDFC83D870D5}
2013-06-29 12:05:17    --------    d-----w-    C:\Users\Sue\AppData\Local\{97ED5428-F3B9-4FA0-B952-A89CDDB19631}
2013-06-28 12:03:19    --------    d-----w-    C:\Users\Sue\AppData\Local\{1EE78D1B-7F45-4498-AFF2-891F5AD3F6BD}
2013-06-27 12:55:12    --------    d-----w-    C:\Users\Sue\AppData\Local\{B56B522F-5665-44BE-9462-58ECBACDE3F6}
2013-06-26 13:28:09    --------    d-----w-    C:\Users\Sue\AppData\Local\{CE167CCB-CF68-4D8C-8A97-BC062B7A4864}
2013-06-25 18:01:51    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-06-25 17:24:28    98816    ----a-w-    C:\Windows\sed.exe
2013-06-25 17:24:28    256000    ----a-w-    C:\Windows\PEV.exe
2013-06-25 17:24:28    208896    ----a-w-    C:\Windows\MBR.exe
2013-06-25 13:05:29    --------    d-----w-    C:\Users\Sue\AppData\Local\{966B0B6F-CD0C-48C1-8CA8-C62A32C06C3F}
2013-06-24 12:57:46    --------    d-----w-    C:\Users\Sue\AppData\Local\{9E9597DA-E050-433E-9C08-3BFC60154981}
2013-06-23 12:21:47    --------    d-----w-    C:\Users\Sue\AppData\Local\{13F6455A-4C22-4DB1-AD07-3D1643498543}
2013-06-22 12:05:47    --------    d-----w-    C:\Users\Sue\AppData\Local\{84330D2B-6FDA-4F33-A305-BD8305C3CF3C}
2013-06-21 11:55:58    --------    d-----w-    C:\Users\Sue\AppData\Local\{3A5D6159-0DE1-402D-AF7E-5B6B17D96F3C}
2013-06-20 11:39:25    --------    d-----w-    C:\Users\Sue\AppData\Local\{014A4466-933D-48EF-B15C-62F18F446807}
2013-06-18 21:07:51    96168    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-18 12:50:50    --------    d-----w-    C:\Users\Sue\AppData\Local\{A6D1B691-91B8-4AF3-9505-FD0C3C006F46}
2013-06-17 12:21:58    --------    d-----w-    C:\Users\Sue\AppData\Local\{0C05BCE5-7B5D-4DFE-9ACB-2CFACE83593E}
2013-06-16 12:18:38    --------    d-----w-    C:\Users\Sue\AppData\Local\{EFD3716E-BD58-4484-A95C-0A004F53F5D4}
2013-06-15 18:08:30    --------    d-----w-    C:\Users\Sue\AppData\Local\{F2A4AE35-2D66-4733-B7DE-3B310CB444FD}
2013-06-15 00:48:58    --------    d-----w-    C:\Users\Sue\AppData\Local\{486CEA8E-F683-4AF5-8C55-F94691DBCA71}
2013-06-14 12:48:46    --------    d-----w-    C:\Users\Sue\AppData\Local\{7FEAC19E-6480-442C-9769-AE0605A42DB4}
2013-06-13 13:09:05    --------    d-----w-    C:\Users\Sue\AppData\Local\{47BC56DB-1DA7-4166-9978-C24D8A48A17D}
2013-06-12 14:31:50    --------    d-----w-    C:\Users\Sue\AppData\Local\{2342EF51-EDED-4FAF-8743-E32ABD0B612A}
2013-06-11 18:30:16    9089416    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-11 13:59:41    --------    d-----w-    C:\Users\Sue\AppData\Local\{CDC49E2F-CF9D-49D9-9098-55DEBA9509F0}
2013-06-10 13:16:22    --------    d-----w-    C:\Users\Sue\AppData\Local\{D276DD93-3DD1-4C72-B431-824FB0DF85FC}
2013-06-08 11:29:17    --------    d-----w-    C:\Users\Sue\AppData\Local\{BBF61CA6-CA4F-4FE7-B421-05A1BF97FF16}
2013-06-07 13:17:19    --------    d-----w-    C:\Users\Sue\AppData\Local\{B7B128B3-7796-49BA-8764-CC017FF9742E}
2013-06-06 13:27:55    --------    d-----w-    C:\Users\Sue\AppData\Local\{2291C16E-0DC8-41E1-902B-8D2B89F1731E}
2013-06-05 14:53:37    --------    d-----w-    C:\Users\Sue\AppData\Local\{299C0DDA-9C4C-48D5-B114-DBCA43111D42}
2013-06-04 23:43:16    --------    d-----w-    C:\Users\Sue\AppData\Local\{92F4FBCD-77B0-4E53-BA33-CEFB3F53D26F}
.
==================== Find3M  ====================
.
2013-07-03 18:55:11    4704    --sha-w-    C:\ProgramData\KGyGaAvL.sys
2013-06-27 20:55:48    189936    ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
2013-06-27 20:55:48    1030952    ----a-w-    C:\Windows\System32\drivers\aswSnx.sys
2013-06-13 01:48:23    867240    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-13 01:48:17    789416    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-06-11 18:30:38    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-11 18:30:38    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-09 08:59:07    72016    ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
2013-05-09 08:59:07    65336    ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
2013-05-09 08:59:06    80816    ----a-w-    C:\Windows\System32\drivers\aswMonFlt.sys
2013-05-09 08:58:37    41664    ----a-w-    C:\Windows\avastSS.scr
2013-05-08 06:39:01    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-05-02 06:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-05-01 07:59:12    94208    ----a-w-    C:\Windows\SysWow64\QuickTimeVR.qtx
2013-05-01 07:59:12    69632    ----a-w-    C:\Windows\SysWow64\QuickTime.qts
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 14:51:20.90 ===============
 

 


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,195 posts
  • Gender:Male
  • Location:California

Posted 05 July 2013 - 09:00 AM

Greetings witchswan and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.

While I am doing that please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST log
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 witchswan

witchswan
  • Topic Starter

  • Members
  • 93 posts
  • Gender:Female
  • Location:Canada

Posted 05 July 2013 - 11:41 AM

Afternoon Gary, thank you so much for helping me. I'm Sue. Today we are under a severe thunderstorm warning, so I may have to log off if I hear thunder rumbles. Our local hydro usually goes off for a second or two when there is thunder in the air, terrible for computers. We have a very unstable local power supply and sometimes are without power for hours, or days. Such is summer in Southwestern Ontario, Canada, never boring!

 

I'm usually online every morning into mid-afternoon, and when someone is helping me I check throughout the day and evening for replies. I just remembered that around the time all the problems started the power did go off while the system was shutting down. The next day I got a blue screen with a notification that Windows had not closed normally: did I want to return to the last session or start anew? I chose to start anew. Maybe that was a mistake? Here are the logs you asked for. I do have an x64 system.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-07-2013
Ran by Sue (administrator) on 05-07-2013 12:15:39
Running from C:\Users\Sue\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11660904 2010-11-30] (Realtek Semiconductor)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [19603048 2013-06-03] (Skype Technologies S.A.)
HKLM-x32\...\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe" [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [177448 2011-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [BrMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickFinder Scheduler] "c:\Program Files (x86)\Corel\WordPerfect Office X5\Programs\QFSCHD150.EXE" [128440 2012-09-21] (Corel Corporation)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-10-11] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe /default [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.care2.com/c2c/pm/folder/inbox
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 69.41.192.2 69.41.199.30

FireFox:
========
FF ProfilePath: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://www.ctvnews.ca/
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\searchplugins\search.xml
FF Extension: No Name - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\Extensions\extensions
FF Extension: WOT - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: ReminderFox - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\Extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
FF Extension: printedit - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\Extensions\printedit@DW-dev.xpi
FF Extension: troubleshooter - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\Extensions\troubleshooter@mozilla.org.xpi
FF Extension: No Name - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\Extensions\{5C655500-E712-41e7-9349-CE462F844B19}.xpi
FF Extension: No Name - C:\Users\Sue\AppData\Roaming\Mozilla\Firefox\Profiles\2nfak06z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-05 12:15 - 2013-07-05 12:15 - 00000000 ____D C:\FRST
2013-07-05 12:14 - 2013-07-05 12:14 - 01934636 ____A (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2013-07-05 09:03 - 2013-07-05 09:04 - 00000000 ____D C:\Users\Sue\AppData\Local\{0F01B1EC-DBBB-4C47-9DC4-62E228EC4679}
2013-07-04 14:51 - 2013-07-04 14:51 - 00019817 ____A C:\Users\Sue\Desktop\dds.txt
2013-07-04 14:51 - 2013-07-04 14:51 - 00007030 ____A C:\Users\Sue\Desktop\attach.txt
2013-07-04 08:27 - 2013-07-04 08:27 - 00000000 ____D C:\Users\Sue\AppData\Local\{070BADB1-CDD8-4E7F-B803-0ECFFF381003}
2013-07-03 08:36 - 2013-07-03 08:37 - 00000000 ____D C:\Users\Sue\AppData\Local\{D55FA113-8C03-40A3-BA6B-F00035EC1949}
2013-07-02 08:47 - 2013-07-02 08:48 - 00000000 ____D C:\Users\Sue\AppData\Local\{62E70774-7FF5-4E5A-8BB2-75081712E501}
2013-07-01 08:33 - 2013-07-01 08:34 - 00000000 ____D C:\Users\Sue\AppData\Local\{1802B6D1-29DE-4433-BF3B-17263700B077}
2013-06-30 10:12 - 2013-06-30 10:12 - 00000000 ____D C:\Users\Sue\AppData\Local\{C5C510A6-AEEF-40F3-94F5-EDFC83D870D5}
2013-06-29 08:05 - 2013-06-29 08:05 - 00000000 ____D C:\Users\Sue\AppData\Local\{97ED5428-F3B9-4FA0-B952-A89CDDB19631}
2013-06-28 17:02 - 2013-06-28 17:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-28 17:02 - 2013-06-28 17:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-28 17:02 - 2013-06-28 17:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-28 17:02 - 2013-06-28 17:02 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-28 17:02 - 2013-06-28 17:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-28 17:02 - 2013-06-28 17:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-28 17:02 - 2013-06-28 17:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-28 17:02 - 2013-06-28 17:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-28 17:02 - 2013-06-28 17:02 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-28 17:02 - 2013-06-28 17:02 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-28 17:02 - 2013-06-28 17:02 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-28 08:03 - 2013-06-28 08:03 - 00000000 ____D C:\Users\Sue\AppData\Local\{1EE78D1B-7F45-4498-AFF2-891F5AD3F6BD}
2013-06-27 16:55 - 2013-06-27 16:55 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 16:55 - 2013-06-27 16:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 16:55 - 2013-06-27 16:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 10:08 - 2013-06-27 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 08:55 - 2013-06-27 08:55 - 00000000 ____D C:\Users\Sue\AppData\Local\{B56B522F-5665-44BE-9462-58ECBACDE3F6}
2013-06-26 09:28 - 2013-06-26 09:28 - 00000060 ____A C:\Windows\wininit.ini
2013-06-26 09:28 - 2013-06-26 09:28 - 00000000 ____D C:\Users\Sue\AppData\Local\{CE167CCB-CF68-4D8C-8A97-BC062B7A4864}
2013-06-25 13:32 - 2013-06-25 13:32 - 00018361 ____A C:\ComboFix.txt
2013-06-25 13:24 - 2011-06-26 02:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-25 13:24 - 2010-11-07 13:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-25 13:24 - 2009-04-20 00:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-25 13:24 - 2000-08-30 20:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-25 13:24 - 2000-08-30 20:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-25 13:24 - 2000-08-30 20:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-25 13:24 - 2000-08-30 20:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-25 13:24 - 2000-08-30 20:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-25 13:14 - 2013-06-25 13:32 - 00000000 ____D C:\Qoobox
2013-06-25 13:14 - 2013-06-25 13:31 - 00000000 ____D C:\Windows\erdnt
2013-06-25 13:13 - 2013-06-25 13:13 - 05082330 ____R (Swearware) C:\Users\Sue\Downloads\ComboFix.exe
2013-06-25 09:05 - 2013-06-25 09:05 - 00000000 ____D C:\Users\Sue\AppData\Local\{966B0B6F-CD0C-48C1-8CA8-C62A32C06C3F}
2013-06-24 08:57 - 2013-06-24 08:57 - 00000000 ____D C:\Users\Sue\AppData\Local\{9E9597DA-E050-433E-9C08-3BFC60154981}
2013-06-23 19:26 - 2013-06-23 19:26 - 00008897 ____A C:\Users\Sue\Documents\Inspector Lewis series 7.wpd
2013-06-23 08:21 - 2013-06-23 08:21 - 00000000 ____D C:\Users\Sue\AppData\Local\{13F6455A-4C22-4DB1-AD07-3D1643498543}
2013-06-22 08:05 - 2013-06-22 08:05 - 00000000 ____D C:\Users\Sue\AppData\Local\{84330D2B-6FDA-4F33-A305-BD8305C3CF3C}
2013-06-21 07:55 - 2013-06-21 07:56 - 00000000 ____D C:\Users\Sue\AppData\Local\{3A5D6159-0DE1-402D-AF7E-5B6B17D96F3C}
2013-06-20 13:07 - 2013-06-20 13:07 - 00003081 ____A C:\Users\Sue\Documents\Sue Horwood13333 Home StreetStratford.wpd
2013-06-20 12:50 - 2013-06-20 12:50 - 00000000 ____D C:\Users\Sue\Documents\CCWin
2013-06-20 07:39 - 2013-06-20 07:39 - 00000000 ____D C:\Users\Sue\AppData\Local\{014A4466-933D-48EF-B15C-62F18F446807}
2013-06-18 17:07 - 2013-06-18 17:07 - 00004092 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 17:07 - 2013-06-12 21:47 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-18 17:07 - 2013-06-12 21:43 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-18 17:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-18 17:07 - 2013-06-12 21:43 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-18 17:05 - 2013-06-18 17:05 - 00000000 ____D C:\ProgramData\McAfee
2013-06-18 08:50 - 2013-06-18 08:51 - 00000000 ____D C:\Users\Sue\AppData\Local\{A6D1B691-91B8-4AF3-9505-FD0C3C006F46}
2013-06-17 08:21 - 2013-06-17 08:22 - 00000000 ____D C:\Users\Sue\AppData\Local\{0C05BCE5-7B5D-4DFE-9ACB-2CFACE83593E}
2013-06-16 08:18 - 2013-06-16 08:18 - 00000000 ____D C:\Users\Sue\AppData\Local\{EFD3716E-BD58-4484-A95C-0A004F53F5D4}
2013-06-15 14:08 - 2013-06-15 14:08 - 00000000 ____D C:\Users\Sue\AppData\Local\{F2A4AE35-2D66-4733-B7DE-3B310CB444FD}
2013-06-14 20:48 - 2013-06-14 20:49 - 00000000 ____D C:\Users\Sue\AppData\Local\{486CEA8E-F683-4AF5-8C55-F94691DBCA71}
2013-06-14 08:48 - 2013-06-14 08:48 - 00000000 ____D C:\Users\Sue\AppData\Local\{7FEAC19E-6480-442C-9769-AE0605A42DB4}
2013-06-13 09:09 - 2013-06-13 09:09 - 00000000 ____D C:\Users\Sue\AppData\Local\{47BC56DB-1DA7-4166-9978-C24D8A48A17D}
2013-06-12 10:36 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 10:36 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 10:36 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 10:36 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 10:36 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-12 10:36 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-12 10:36 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-12 10:36 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 10:36 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-12 10:36 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-12 10:36 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 10:36 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-12 10:36 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-12 10:36 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 10:36 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-12 10:36 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-12 10:36 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-12 10:36 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 10:36 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 10:31 - 2013-06-12 10:32 - 00000000 ____D C:\Users\Sue\AppData\Local\{2342EF51-EDED-4FAF-8743-E32ABD0B612A}
2013-06-11 14:30 - 2013-06-11 14:30 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-11 09:59 - 2013-06-11 09:59 - 00000000 ____D C:\Users\Sue\AppData\Local\{CDC49E2F-CF9D-49D9-9098-55DEBA9509F0}
2013-06-10 09:16 - 2013-06-10 09:16 - 00000000 ____D C:\Users\Sue\AppData\Local\{D276DD93-3DD1-4C72-B431-824FB0DF85FC}
2013-06-08 07:29 - 2013-06-08 07:29 - 00000000 ____D C:\Users\Sue\AppData\Local\{BBF61CA6-CA4F-4FE7-B421-05A1BF97FF16}
2013-06-07 09:17 - 2013-06-07 09:17 - 00000000 ____D C:\Users\Sue\AppData\Local\{B7B128B3-7796-49BA-8764-CC017FF9742E}
2013-06-06 09:27 - 2013-06-06 09:28 - 00000000 ____D C:\Users\Sue\AppData\Local\{2291C16E-0DC8-41E1-902B-8D2B89F1731E}
2013-06-05 10:53 - 2013-06-05 10:53 - 00000000 ____D C:\Users\Sue\AppData\Local\{299C0DDA-9C4C-48D5-B114-DBCA43111D42}

==================== One Month Modified Files and Folders =======

2013-07-05 12:15 - 2013-07-05 12:15 - 00000000 ____D C:\FRST
2013-07-05 12:14 - 2013-07-05 12:14 - 01934636 ____A (Farbar) C:\Users\Sue\Desktop\FRST64.exe
2013-07-05 11:59 - 2012-06-02 17:34 - 00000000 ____D C:\Users\Sue\AppData\Roaming\Skype
2013-07-05 11:55 - 2012-06-09 12:30 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-05 11:30 - 2012-11-07 09:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-05 10:02 - 2012-06-02 15:20 - 01257767 ____A C:\Windows\WindowsUpdate.log
2013-07-05 09:10 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-05 09:10 - 2009-07-14 00:45 - 00016976 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-05 09:05 - 2009-07-14 01:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-07-05 09:04 - 2013-07-05 09:03 - 00000000 ____D C:\Users\Sue\AppData\Local\{0F01B1EC-DBBB-4C47-9DC4-62E228EC4679}
2013-07-05 08:59 - 2012-06-09 12:30 - 00000888 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-05 08:59 - 2012-06-02 16:12 - 00000000 ____D C:\ProgramData\clear.fi
2013-07-05 08:59 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-05 08:59 - 2009-07-14 00:51 - 00070356 ____A C:\Windows\setupact.log
2013-07-04 19:47 - 2012-04-12 15:44 - 00000000 ____D C:\Users\Sue\Documents\TV grids
2013-07-04 16:07 - 2012-06-08 14:58 - 00004704 __ASH C:\ProgramData\KGyGaAvL.sys
2013-07-04 16:07 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-07-04 14:51 - 2013-07-04 14:51 - 00019817 ____A C:\Users\Sue\Desktop\dds.txt
2013-07-04 14:51 - 2013-07-04 14:51 - 00007030 ____A C:\Users\Sue\Desktop\attach.txt
2013-07-04 08:27 - 2013-07-04 08:27 - 00000000 ____D C:\Users\Sue\AppData\Local\{070BADB1-CDD8-4E7F-B803-0ECFFF381003}
2013-07-03 08:37 - 2013-07-03 08:36 - 00000000 ____D C:\Users\Sue\AppData\Local\{D55FA113-8C03-40A3-BA6B-F00035EC1949}
2013-07-02 08:48 - 2013-07-02 08:47 - 00000000 ____D C:\Users\Sue\AppData\Local\{62E70774-7FF5-4E5A-8BB2-75081712E501}
2013-07-01 08:34 - 2013-07-01 08:33 - 00000000 ____D C:\Users\Sue\AppData\Local\{1802B6D1-29DE-4433-BF3B-17263700B077}
2013-06-30 10:12 - 2013-06-30 10:12 - 00000000 ____D C:\Users\Sue\AppData\Local\{C5C510A6-AEEF-40F3-94F5-EDFC83D870D5}
2013-06-29 08:05 - 2013-06-29 08:05 - 00000000 ____D C:\Users\Sue\AppData\Local\{97ED5428-F3B9-4FA0-B952-A89CDDB19631}
2013-06-28 17:04 - 2013-03-12 14:39 - 00038885 ____A C:\Windows\IE10_main.log
2013-06-28 17:04 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-28 17:02 - 2013-06-28 17:02 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-28 17:02 - 2013-06-28 17:02 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-28 17:02 - 2013-06-28 17:02 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-28 17:02 - 2013-06-28 17:02 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-28 17:02 - 2013-06-28 17:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-28 17:02 - 2013-06-28 17:02 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-28 17:02 - 2013-06-28 17:02 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-28 17:02 - 2013-06-28 17:02 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-28 17:02 - 2013-06-28 17:02 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-28 17:02 - 2013-06-28 17:02 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-28 17:02 - 2013-06-28 17:02 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-28 17:02 - 2013-06-28 17:02 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-28 17:02 - 2013-06-28 17:02 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-28 08:03 - 2013-06-28 08:03 - 00000000 ____D C:\Users\Sue\AppData\Local\{1EE78D1B-7F45-4498-AFF2-891F5AD3F6BD}
2013-06-28 08:00 - 2012-06-03 11:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-27 16:55 - 2013-06-27 16:55 - 00000175 ____A C:\Windows\System32\Drivers\aswVmm.sys.sum
2013-06-27 16:55 - 2013-06-27 16:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSP.sys.sum
2013-06-27 16:55 - 2013-06-27 16:55 - 00000175 ____A C:\Windows\System32\Drivers\aswSnx.sys.sum
2013-06-27 16:55 - 2013-03-16 12:14 - 00189936 ____A C:\Windows\System32\Drivers\aswVmm.sys
2013-06-27 16:55 - 2012-06-02 16:25 - 01030952 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2013-06-27 16:55 - 2012-06-02 16:25 - 00378944 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2013-06-27 10:08 - 2013-06-27 10:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 08:55 - 2013-06-27 08:55 - 00000000 ____D C:\Users\Sue\AppData\Local\{B56B522F-5665-44BE-9462-58ECBACDE3F6}
2013-06-26 09:28 - 2013-06-26 09:28 - 00000060 ____A C:\Windows\wininit.ini
2013-06-26 09:28 - 2013-06-26 09:28 - 00000000 ____D C:\Users\Sue\AppData\Local\{CE167CCB-CF68-4D8C-8A97-BC062B7A4864}
2013-06-25 14:01 - 2010-11-20 23:47 - 00021476 ____A C:\Windows\PFRO.log
2013-06-25 13:32 - 2013-06-25 13:32 - 00018361 ____A C:\ComboFix.txt
2013-06-25 13:32 - 2013-06-25 13:14 - 00000000 ____D C:\Qoobox
2013-06-25 13:32 - 2009-07-13 23:20 - 00000000 __RHD C:\users\Default
2013-06-25 13:31 - 2013-06-25 13:14 - 00000000 ____D C:\Windows\erdnt
2013-06-25 13:31 - 2009-07-13 22:34 - 00000215 ____A C:\Windows\system.ini
2013-06-25 13:13 - 2013-06-25 13:13 - 05082330 ____R (Swearware) C:\Users\Sue\Downloads\ComboFix.exe
2013-06-25 12:56 - 2012-06-02 16:03 - 00000000 ____D C:\Users\Sue\AppData\Local\VirtualStore
2013-06-25 09:05 - 2013-06-25 09:05 - 00000000 ____D C:\Users\Sue\AppData\Local\{966B0B6F-CD0C-48C1-8CA8-C62A32C06C3F}
2013-06-25 08:47 - 2013-01-28 12:03 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-06-25 08:47 - 2011-07-20 08:06 - 00000000 ____D C:\ProgramData\Skype
2013-06-24 08:57 - 2013-06-24 08:57 - 00000000 ____D C:\Users\Sue\AppData\Local\{9E9597DA-E050-433E-9C08-3BFC60154981}
2013-06-23 19:26 - 2013-06-23 19:26 - 00008897 ____A C:\Users\Sue\Documents\Inspector Lewis series 7.wpd
2013-06-23 08:21 - 2013-06-23 08:21 - 00000000 ____D C:\Users\Sue\AppData\Local\{13F6455A-4C22-4DB1-AD07-3D1643498543}
2013-06-22 08:05 - 2013-06-22 08:05 - 00000000 ____D C:\Users\Sue\AppData\Local\{84330D2B-6FDA-4F33-A305-BD8305C3CF3C}
2013-06-21 07:56 - 2013-06-21 07:55 - 00000000 ____D C:\Users\Sue\AppData\Local\{3A5D6159-0DE1-402D-AF7E-5B6B17D96F3C}
2013-06-20 13:07 - 2013-06-20 13:07 - 00003081 ____A C:\Users\Sue\Documents\Sue Horwood13333 Home StreetStratford.wpd
2013-06-20 12:50 - 2013-06-20 12:50 - 00000000 ____D C:\Users\Sue\Documents\CCWin
2013-06-20 07:39 - 2013-06-20 07:39 - 00000000 ____D C:\Users\Sue\AppData\Local\{014A4466-933D-48EF-B15C-62F18F446807}
2013-06-18 17:07 - 2013-06-18 17:07 - 00004092 ____A C:\Windows\SysWOW64\jupdate-1.7.0_25-b16.log
2013-06-18 17:07 - 2013-03-07 10:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-18 17:05 - 2013-06-18 17:05 - 00000000 ____D C:\ProgramData\McAfee
2013-06-18 08:51 - 2013-06-18 08:50 - 00000000 ____D C:\Users\Sue\AppData\Local\{A6D1B691-91B8-4AF3-9505-FD0C3C006F46}
2013-06-17 08:22 - 2013-06-17 08:21 - 00000000 ____D C:\Users\Sue\AppData\Local\{0C05BCE5-7B5D-4DFE-9ACB-2CFACE83593E}
2013-06-16 08:18 - 2013-06-16 08:18 - 00000000 ____D C:\Users\Sue\AppData\Local\{EFD3716E-BD58-4484-A95C-0A004F53F5D4}
2013-06-15 14:08 - 2013-06-15 14:08 - 00000000 ____D C:\Users\Sue\AppData\Local\{F2A4AE35-2D66-4733-B7DE-3B310CB444FD}
2013-06-14 20:49 - 2013-06-14 20:48 - 00000000 ____D C:\Users\Sue\AppData\Local\{486CEA8E-F683-4AF5-8C55-F94691DBCA71}
2013-06-14 08:48 - 2013-06-14 08:48 - 00000000 ____D C:\Users\Sue\AppData\Local\{7FEAC19E-6480-442C-9769-AE0605A42DB4}
2013-06-13 09:09 - 2013-06-13 09:09 - 00000000 ____D C:\Users\Sue\AppData\Local\{47BC56DB-1DA7-4166-9978-C24D8A48A17D}
2013-06-12 21:48 - 2012-06-03 17:07 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-12 21:48 - 2012-06-03 17:07 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-12 21:47 - 2013-06-18 17:07 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-12 21:43 - 2013-06-18 17:07 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-12 21:43 - 2013-06-18 17:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-12 21:43 - 2013-06-18 17:07 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-12 10:54 - 2012-06-02 17:09 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 10:32 - 2013-06-12 10:31 - 00000000 ____D C:\Users\Sue\AppData\Local\{2342EF51-EDED-4FAF-8743-E32ABD0B612A}
2013-06-11 14:30 - 2013-06-11 14:30 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-11 14:30 - 2012-06-04 08:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 14:30 - 2011-07-20 08:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-11 09:59 - 2013-06-11 09:59 - 00000000 ____D C:\Users\Sue\AppData\Local\{CDC49E2F-CF9D-49D9-9098-55DEBA9509F0}
2013-06-10 09:16 - 2013-06-10 09:16 - 00000000 ____D C:\Users\Sue\AppData\Local\{D276DD93-3DD1-4C72-B431-824FB0DF85FC}
2013-06-08 07:29 - 2013-06-08 07:29 - 00000000 ____D C:\Users\Sue\AppData\Local\{BBF61CA6-CA4F-4FE7-B421-05A1BF97FF16}
2013-06-07 09:17 - 2013-06-07 09:17 - 00000000 ____D C:\Users\Sue\AppData\Local\{B7B128B3-7796-49BA-8764-CC017FF9742E}
2013-06-06 09:28 - 2013-06-06 09:27 - 00000000 ____D C:\Users\Sue\AppData\Local\{2291C16E-0DC8-41E1-902B-8D2B89F1731E}
2013-06-05 10:53 - 2013-06-05 10:53 - 00000000 ____D C:\Users\Sue\AppData\Local\{299C0DDA-9C4C-48D5-B114-DBCA43111D42}

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-28 16:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-07-2013
Ran by Sue at 2013-07-05 12:16:00
Running from C:\Users\Sue\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Acer eRecovery Management (x32 Version: 5.00.3502)
Acer Games (x32 Version: 1.0.2.5)
Acer Registration (x32 Version: 1.04.3503)
Acer ScreenSaver (x32 Version: 1.1.0609.2011)
Acer Updater (x32 Version: 1.02.3500)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98)
Apple Application Support (x32 Version: 2.3)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 8.0.1489.0)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95)
Belarc Advisor 8.2 (x32 Version: 8.2.7.12)
BookScan&Whiteboard Suite (x32 Version: 1.0)
Brother MFL-Pro Suite MFC-290C (x32 Version: 1.0.1.0)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.97)
Chronicles of Albian (x32 Version: 2.2.0.95)
clear.fi (x32 Version: 1.0.1517_36458)
clear.fi (x32 Version: 1.0.1720.15)
clear.fi (x32 Version: 9.0.7713)
clear.fi Client (x32 Version: 1.00.3500)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
Dora's World Adventure (x32 Version: 2.2.0.95)
Etron USB3.0 Host Controller (x32 Version: 0.103)
FaceFilter Studio Brother Edition (x32 Version: 1.0)
Final Drive: Nitro (x32 Version: 2.2.0.95)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Google Earth (x32 Version: 7.0.3.8542)
Google Earth Plug-in (x32 Version: 7.1.1.1580)
Google Update Helper (x32 Version: 1.3.21.145)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Hotkey Utility (x32 Version: 2.05.3505)
Icy Tower v1.5 (x32)
Identity Card (x32 Version: 1.00.3501)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Intel® Rapid Storage Technology (x32 Version: 10.1.0.1008)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Jewel Match 3 (x32 Version: 2.2.0.97)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98)
MyWinLocker (Version: 4.0.14.25)
MyWinLocker 4 (x32 Version: 4.0.14.25)
MyWinLocker Suite (x32 Version: 4.0.14.15)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Express 10 (x32 Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.0018)
Norton Online Backup (x32 Version: 2.1.17869)
Penguins! (x32 Version: 2.2.0.95)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
Polar Bowler (x32 Version: 2.2.0.97)
Polar Golfer (x32 Version: 2.2.0.95)
QuickTime (x32 Version: 7.74.80.86)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6257)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Skype™ 6.5 (x32 Version: 6.5.158)
Sophos Virus Removal Tool (x32 Version: 2.2)
StudioTax 2011 (Version: 7.0.7.2)
StudioTax 2012 (x32 Version: 8.0.5.3)
swMSM (x32 Version: 12.0.0.1)
Torchlight (x32 Version: 2.2.0.97)
update (x32 Version: 3.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
Virtual Villagers 5 - New Believers (x32 Version: 2.2.0.97)
Welcome Center (x32 Version: 1.02.3502)
WildTangent Games App (Acer Games) (x32 Version: 4.0.5.14)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WordPerfect IFilter 64 bit (Version: 1.2)
WordPerfect Lightning - IPM (x32 Version: 1.0)
WordPerfect Lightning - Messages (x32 Version: 1.0)
WordPerfect Lightning - MSOM (x32 Version: 1.1)
WordPerfect Lightning (x32 Version: 2.0)
WordPerfect Office X5 - Common (x32 Version: 15.7)
Wordperfect Office X5 - EN (x32 Version: 15.7)
WordPerfect Office X5 - Filters (x32 Version: 15.7)
WordPerfect Office X5 - Graphics (x32 Version: 15.3)
WordPerfect Office X5 - IPM (x32 Version: 15.7)
WordPerfect Office X5 - LegalTools (x32 Version: 15.7)
WordPerfect Office X5 - Migration Manager (x32 Version: 15.7)
WordPerfect Office X5 - Oxford (x32 Version: 15.7)
WordPerfect Office X5 - PerfectExperts EN (x32 Version: 15.3)
WordPerfect Office X5 - PR (x32 Version: 15.3)
WordPerfect Office X5 - QP (x32 Version: 15.7)
WordPerfect Office X5 - Setup Files (x32 Version: 15.7)
WordPerfect Office X5 - Skins (x32 Version: 15.3)
WordPerfect Office X5 - System EN (x32 Version: 15.0)
WordPerfect Office X5 - Templates (x32 Version: 15.3)
WordPerfect Office X5 - WP (x32 Version: 15.7)
WordPerfect Office X5 - WT (x32 Version: 15.7)
WordPerfect Office X5 (x32 Version: 15.0.0.528)
WordPerfect Office X5 (x32 Version: 15.7)
WordPerfect OfficeReady (x32 Version: 1.0)
Zuma's Revenge (x32 Version: 2.2.0.97)

==================== Restore Points  =========================

26-06-2013 14:00:06 Windows Backup
27-06-2013 14:00:08 Windows Backup
27-06-2013 14:04:36 Windows Backup
28-06-2013 14:00:08 Windows Backup
28-06-2013 17:40:54 Windows Modules Installer
28-06-2013 17:51:59 Windows Update
28-06-2013 17:58:28 Windows Update
28-06-2013 18:02:13 Windows Update
28-06-2013 18:06:39 Windows Update
28-06-2013 18:09:38 Windows Update
28-06-2013 20:59:59 Windows Update
29-06-2013 14:00:07 Windows Backup
30-06-2013 14:19:56 Windows Backup
01-07-2013 14:00:08 Windows Backup
02-07-2013 12:49:46 Windows Update
02-07-2013 14:00:05 Windows Backup
03-07-2013 14:00:08 Windows Backup
04-07-2013 14:00:07 Windows Backup
05-07-2013 14:00:07 Windows Backup
05-07-2013 14:00:37 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2013-06-25 13:31 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {107D1020-D773-48B6-AA4D-0650FC3450DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {129DBE57-D8AE-439D-BF59-D6734BAAA3A5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {141F46F9-CAF8-487F-8826-AFA998F20DA4} - System32\Tasks\{755ECB0E-E057-48FB-99D2-7ED4D7E1FC90} => C:\games\icytower1.5\icytower15.exe [2011-09-21] ()
Task: {142D6419-C749-49EA-9F13-CCEE1DC0A191} - System32\Tasks\{E33FE70F-0990-48FC-A6CA-687E30FCA841} => C:\games\icytower1.5\icytower15.exe [2011-09-21] ()
Task: {5A5193BB-E21E-47E5-9734-32097F7A35A6} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-09] (AVAST Software)
Task: {64DCCE67-A69C-4801-9241-CC5F86B74D78} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {8A8E1B32-82CB-4FDA-9073-FCF0408B2308} - System32\Tasks\Games\UpdateCheck_S-1-5-21-481808494-41507204-1323414512-1000
Task: {9C5CDBE1-958C-4530-BD30-09206921DAE0} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe No File
Task: {A3BA4986-E4EB-48B0-879F-76B13A3731B9} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {A9F71070-A547-4441-BCC5-51D7ACACE119} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-05-20] (Acer Incorporated)
Task: {AC1C840B-1430-4F51-A59C-44CE30711FCE} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {AF7D5387-A0CF-4A5F-837D-53432FAB3AA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-09] (Google Inc.)
Task: {D069339F-0DA8-4AC6-B899-24FC5F3DAC6B} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-05-20] (CyberLink)
Task: {D6BE75F9-4C7B-4D9E-AB1F-1FDA617CF472} - System32\Tasks\{87DC052F-D1ED-4BC6-8B8F-662CC087B64D} => C:\games\icytower1.5\icytower15.exe [2011-09-21] ()
Task: {D6F2FD6D-8A69-4F74-A62B-3BFF539B8502} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-05-20] (CyberLink Corp.)
Task: {DAFE26FD-DB6D-4390-82BA-53CB064FA911} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {E31C2FD5-7C31-47EF-9BBF-F9634A97AF50} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-06-09] (Google Inc.)
Task: {ECD58273-97C7-42DC-B2B9-A8782A5F064C} - System32\Tasks\{A726CF6C-9D8F-4E76-95A8-3CDB74571DCA} => C:\games\icytower1.5\icytower15.exe [2011-09-21] ()
Task: {FA1B8745-B68A-4258-831F-ED0DC7B33695} - System32\Tasks\{080DE83E-0816-491F-95C8-0EC9F80EFA1E} => C:\games\icytower1.5\icytower15.exe [2011-09-21] ()
Task: {FD8B7017-FC57-426C-84EA-E32BCE73ED45} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2013 09:00:49 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 02:56:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 08:26:56 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 08:36:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 08:47:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 00:26:10 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: Wpc.dll, version: 1.0.0.1, time stamp: 0x50c1eda0
Exception code: 0xc0000005
Fault offset: 0x000000000000675e
Faulting process id: 0x9b8
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (07/01/2013 08:34:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 10:11:23 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 07:56:42 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 05:07:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (06/28/2013 02:11:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.

Error: (06/28/2013 02:09:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.

Error: (06/28/2013 02:00:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.

Error: (06/28/2013 01:54:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.

Error: (06/25/2013 01:31:07 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/25/2013 01:29:19 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (06/25/2013 01:28:18 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

Error: (06/25/2013 01:24:29 PM) (Source: DCOM) (User: )
Description: 1084VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (06/25/2013 01:09:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (06/25/2013 01:09:26 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (07/05/2013 09:00:49 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 02:56:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/04/2013 08:26:56 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/03/2013 08:36:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/02/2013 08:47:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/01/2013 00:26:10 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7601.175674d672ee4Wpc.dll1.0.0.150c1eda0c0000005000000000000675e9b801ce76570f0cccdbC:\Windows\Explorer.EXEC:\Windows\System32\Wpc.dllefdefa40-e26a-11e2-b525-3860774bfc13

Error: (07/01/2013 08:34:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/30/2013 10:11:23 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/29/2013 07:56:42 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 05:07:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2013-06-25 13:29:19.654
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-06-25 13:29:19.622
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 52%
Total physical RAM: 4000.24 MB
Available physical RAM: 1892.27 MB
Total Pagefile: 7998.67 MB
Available Pagefile: 5937.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:916.41 GB) (Free:871.6 GB) NTFS (Disk=0 Partition=3)
Drive j: (STORE N GO) (Removable) (Total:7.45 GB) (Free:1.8 GB) FAT32 (Disk=2 Partition=1)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2B7C858C)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=916 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 7 GB) (Disk ID: 1D865625)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0C)

==================== End Of Log ============================
#6 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 38,195 posts
  • Gender:Male
  • Location:California

Posted 05 July 2013 - 01:03 PM

Hi Sue,

Thank you for the detailed information. A few things in this post.

Do you recognize this game?

icytower1.5

Please do these things for me.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:dir
C:\Windows\System32\FxsTmp /s
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

===================================================

Checking Windows Update Installations via Add/Remove

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • Click View installed updates in the upper left hand corner of the screen
  • Please list the KB numbers (i.e. KB1234567) for the Windows Updates installed on June 12th
===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\wininit.ini

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize icytower1.5?
  • SystemLook information
  • Windows Update information
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
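Two of the checks Gary requests in the post above (the list of updates installed on June 12th, and the hash VirusTotal keys its report on) can also be done from PowerShell. This is an added example, not part of the thread and not from any of the tools mentioned; it assumes PowerShell 2.0 or later on Windows 7 and uses only Get-HotFix and the .NET SHA256 class.

```powershell
# Added example (not from the thread). Assumes PowerShell 2.0+ on Windows 7.

# 1) List the KB numbers of updates installed on a given day: the same
#    information as appwiz.cpl -> "View installed updates", without the GUI.
#    Get-HotFix reads Win32_QuickFixEngineering, so entries with no
#    InstalledOn value are skipped rather than crashing the filter.
function Get-UpdatesInstalledOn {
    param([Parameter(Mandatory=$true)][datetime]$Day)
    Get-HotFix |
        Where-Object { $_.InstalledOn -and $_.InstalledOn.Date -eq $Day.Date } |
        Sort-Object HotFixID |
        Select-Object HotFixID, Description, InstalledBy, InstalledOn
}

# 2) Compute the SHA-256 of a file locally. VirusTotal's analysis link for a
#    file contains this hash (see the link posted in the next reply), so the
#    value can be checked against the report without uploading the file again.
#    The .NET class is used instead of Get-FileHash so it works on PS 2.0.
function Get-Sha256 {
    param([Parameter(Mandatory=$true)][string]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead((Resolve-Path $Path).Path)
    try {
        $bytes = $sha.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    # Lower-case hex, the form VirusTotal uses in its URLs
    ($bytes | ForEach-Object { $_.ToString('x2') }) -join ''
}

# Usage with the date and file named in this thread
Get-UpdatesInstalledOn -Day '2013-06-12' | Format-Table -AutoSize
Get-Sha256 -Path 'C:\Windows\wininit.ini'
```

Get-HotFix does not list every item the Control Panel shows (Windows Defender definition updates, for example, are not hotfix entries), so compare its output with the "View installed updates" list rather than relying on it alone.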

#7 witchswan

  • Topic Starter
  • Members
  • 93 posts
  • Gender:Female
  • Location:Canada

Posted 05 July 2013 - 03:26 PM

Hi Gary, Thanks for the fast reply. I downloaded icytower1.5 from http://www.freelunchdesign.com/icytower/?id=16

Had become addicted to it with my Windows XP system.  It's a bit buggy and does get to not work properly every now and then so I uninstall it and redownload it again.  Addiction is a terrible thing!

Here is all the info you asked for.

----------------------------------------------------

SystemLook 30.07.11 by jpshortstuff
Log created at 15:34 on 05/07/2013 by Sue
Administrator - Elevation successful

========== dir ==========

C:\Windows\System32\FxsTmp - Parameters: "/s"

---Files---
None found.

No folders found.

-= EOF =-

---------------------------------------------------

June 12th updates

KB2836939
KB2804576
KB2789642
KB2742595
KB2737019
KB2729449
KB2686827
KB2656405
KB2656368v2
KB2656368
KB2656351
KB2604121
KB2600217
KB2533523
KB2468871
KB2836942
KB2836943
KB2845690
KB2839894
KB2836502
KB2834140
KB2813430
KB2808679

I find this strange, don't remember that many updates listed to be downloaded June 12 2013.

-----------------------------------------

 

https://www.virustotal.com/en/file/f749a7c5101f3a2b04c5da386f886c74600be2370e3c4e9959157302b55b9196/analysis/1373055630/
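Gary asked for two things in the previous post, the installed-update list and a VirusTotal link, and both were gathered by hand above. The PowerShell below is an added example, not something posted by anyone in this thread, showing how to collect the same information from an elevated prompt: the hotfixes installed on or after a given date, and the SHA256 of a file so the hash in a VirusTotal report URL can be compared against the file actually on the machine. The cutoff date and file path are taken from the thread; Windows PowerShell 4.0 or later (for Get-FileHash) is an assumption, and the lookup URL is constructed from the pattern in the link above without the analysis timestamp.

```powershell
# Added example: list hotfixes installed since a date and hash a file for VirusTotal comparison.
# Assumes Windows PowerShell 4.0+ (Get-FileHash); run from an elevated prompt so every
# hotfix record is readable. Defaults are the values discussed in this thread.
param(
    [datetime]$Since    = '2013-06-12',
    [string]  $FilePath = 'C:\Windows\wininit.ini'
)

# Get-HotFix reads Win32_QuickFixEngineering. InstalledOn is empty for some records,
# so those are filtered out rather than compared against the cutoff.
$updates = Get-HotFix |
    Where-Object { $_.InstalledOn -and $_.InstalledOn -ge $Since } |
    Sort-Object InstalledOn |
    Select-Object HotFixID, Description, InstalledOn

"Updates installed on or after $($Since.ToShortDateString()): $(@($updates).Count)"
$updates | Format-Table -AutoSize

# A VirusTotal report URL embeds the SHA256 of the sample; hashing the local file lets
# you confirm the report describes this file and not a different copy of it.
if (Test-Path -LiteralPath $FilePath) {
    $hash = (Get-FileHash -LiteralPath $FilePath -Algorithm SHA256).Hash.ToLower()
    "SHA256 of ${FilePath}: $hash"
    # Assumed URL form, built from the link pattern used in this thread (no timestamp suffix).
    "Compare against: https://www.virustotal.com/en/file/$hash/analysis/"
} else {
    "File not found: $FilePath"
}
```

Compare the hash printed at the end with the one in the VirusTotal link; if they differ, the report is for another file. Note that Get-HotFix lists hotfixes and security updates, so the list will not necessarily match the Windows Update history view item for item.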

#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 05 July 2013 - 03:36 PM

Hi Sue,

The program is fine (other than the addiction thing!) as long as you know it is there.

Have there been updates after June 12th? Don't need to know KB numbers just need to know if any exist.

Edited by Oh My, 05 July 2013 - 03:36 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 witchswan

witchswan
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:01:39 AM

Posted 05 July 2013 - 03:47 PM

Hi again Gary, I looked through Start, All Programs, Windows Update; only 12 updates show for June 12, 2013. It shows 7 definition updates for Windows Defender, 4 failed for IE 10, 1 successful for IE 9, and 1 for IE10. Those 13 were installed after June 12. IE10 is still unusable though, even after the last successful update.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 05 July 2013 - 03:50 PM

OK, I just wanted to see if Windows Update was stuck, and it is not.

Please run this for me.

===================================================

Running TDSSKiller with Changed Parameters

--------------------
  • Please download TDSSKiller from here and save it to your Desktop
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters


  • Check Loaded Modules and Detect TDLFS file system. Do not check Verify file digital signatures (even though it is checked in the example)
  • If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now


  • Click Start Scan and allow the scan process to run


  • If threats are detected select Skip for all of them unless I instruct you otherwise
  • Click Continue


  • Click Reboot computer
  • Please zip and attach in your reply the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • TDSSKiller log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 witchswan

witchswan
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:01:39 AM

Posted 05 July 2013 - 06:07 PM

Gary, thanks for the link to zip a folder. I have not zipped anything since the days of DOS!! So easy when you know how. The scan said nothing detected.

Attached Files

#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 05 July 2013 - 07:02 PM

OK, please go back to the installed updates and uninstall IE 10 which is likely KB2718695.

Reboot and see if there is any difference.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 witchswan

witchswan
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:01:39 AM

Posted 05 July 2013 - 08:30 PM

Hi Gary, I uninstalled IE 10 and now have IE 9 again, but it has not remembered my passwords etc. It does have some of my previous URLs still in memory, but not all. It did remember my chosen home page, but not the password and log-in info. Was able to get to a few sites without problems, and able to click on the About Internet Explorer link and see that info.

My day is almost over. Will check back tomorrow morning.

#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:39 PM

Posted 05 July 2013 - 08:44 PM

OK, thanks. Real quickly, what issues are you having at this point?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 witchswan

witchswan
  • Topic Starter

  • Members
  • 93 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Canada
  • Local time:01:39 AM

Posted 06 July 2013 - 10:53 AM

Morning Gary, since the Combofix scan the computer seems to be working well; I am able to connect to the internet again without problems. Nothing much new seems to be going wrong, except for the display problems with the new Firefox 22.0 update. I have been given a workaround from Mozilla Support, but have not tried it yet, as that information arrived after I posted for help here and was told not to make any changes unless told to do so.

Mostly I would like to know just what the infection was and whether it is gone. Was I hacked, or did I have rootkits again? And to understand what was deleted and whether program files need to be reinstalled. There are residual effects of the scan, though.

The inability to install IE 10 and have it actually work: IE9 works, but does not remember passwords etc. Does this mean some Win7 OS files were deleted? I have Windows Update set to inform me when updates are available and let me choose whether to install them. IE 10 is offered again; should I try to install it again?

My Brother printer software shows the printer as being offline and having no ink. I guess I have to uninstall and reinstall that?

The problem with Avast telling me Java needs to be updated: it flashes a warning multiple times a day that my software health is critical, but Firefox says I have the latest update, yet my Java date is not the latest update release date. It is more than a little confusing. I also cannot get the Java control panel icon to display in the status bar at the bottom of the Win 7 window. Given all the problems with Java being insecure, I have disabled it in Firefox, the default browser. It does not show in installed add-ons in IE9 though; it used to be there. I no longer get the Java update icon showing in the bottom status bar when updates are available, even though I had asked for it to show. Updating Java is very difficult without that.
